Nato deputy assistant secretary general Jamie Shea issued the statement in video review exploring the ethical hacking community. He said: "In order to have a defence you need to have a much wider group of people with a much broader set of skills working for you than as in the old days when we were talking about the man from the ministry with a set identity. That's not the case anymore."
A Nato spokesman added in the video that the community is currently an under-tapped source that could help temporarily plug the global cyber skills gap.
"Traditionally, ethical hackers, known as white hats, have disclosed security bugs for free and many continue to do so just for the prestige. But with industry and governments around the world looking to beef up their cyber defences, ethical hackers can now have the pick of jobs in a booming industry."
The spokesman added that companies and governments must work to create an ethical disclosure culture making financially – as well as legally – advantageous for bug hunters to responsibly report vulnerabilities. The news was welcomed by private security expert Graham Cluley, who mirrored Nato's sentiment in a blog post.
"The risk associated with a security exploit being sold to the highest bidder, of course, is that the average user doesn't necessarily get protected. Instead, details of the flaw may never be exposed to the software vendor, giving others an opportunity to abuse it for their own financial or intelligence gain," he wrote.
"Clearly that is something the Nato video is concerned about, and it takes pains to interview hackers who believe in responsible disclosure of bugs to vendors, giving the manufacturer time to fix the problem before details of the bug are made public. With the stakes rising all the time, it's no wonder that more people are wondering whether a career in IT security might be a good choice for them – either as a defender, or as a bug hunter."
Nato's statements follow numerous warnings that governments are failing to train the next generation of cyber security experts. Most recently the UK National Audit Office (NAO) issued a report warning that the skills gap would last 20 years, costing the UK £27bn a year.
Despite the negative forecast the Nato spokesman highlighted the UK Cyber Strategy as a key positive addressing the gap. "There is a shortage of skilled IT security professionals around the world. The UK has recently launched a training and education initiative in schools and universities to address the skills gap."
The Cyber Strategy was announced in 2011, when the UK government pledged to invest £650 to train the next generation of security experts. The initiative has had a heavy focus on education, setting up numerous higher education centres and apprenticeship schemes for young people looking to enter the security industry. In May the UK government pledged to invest £7.5m to create new cyber security research centres at Oxford University and Royal Holloway University London.
No comments:
Post a Comment